			pUserNode->user_config.UserManTemIndex = MainTem[PortDefaultTem[port]].UserManageTempleteIndex;
			isConfig = 1;
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xDoWaitID", "PortDefaultTem matched!");
		}

		/*then check global config*/
		if ((isConfig == 0) && (GlobalDefaultTem != 0))
		{
			pUserNode->AuthLocation = MainTem[GlobalDefaultTem].AuthLocation;
			pUserNode->user_config.AuthMainTemIndex = MainTem[GlobalDefaultTem].AuthMainTempleteIndex;
			pUserNode->user_config.UserManTemIndex = MainTem[GlobalDefaultTem].UserManageTempleteIndex;
			isConfig = 1;
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xDoWaitID", "GlobalDefaultTem matched!");
		}

		if (isConfig == 0)
		{
			/*---Del auth user node---*/
			u_char MacKey[USER_KEY_LENGTH+1];
			Dot1xAuthUserNode_t *temppUserNode;

			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ALERT, "WAIT_USER_ID", "no main-template!!");
			bzero(MacKey, USER_KEY_LENGTH+1);
			memcpy(MacKey, pUserNode->UserKey, USER_KEY_LENGTH);
			dot1xDelUserNode((void *)MacKey, &temppUserNode);
			if (temppUserNode != NULL)
			{
				rc = bufPoolFree(gDot1xAuthUserNodeBufPool, (void *)temppUserNode);
				if (rc == ERROR)
					Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_EMERG, "WAIT_USER_ID", "BufPool Free fail!!");
			}
			return ERROR;
		}
		
		/*---check auth style---*/
		index = pUserNode->user_config.AuthMainTemIndex;
		if (AuthTem[index].FirstAuthStyle != Auth_Style_Default 
			&& AuthTem[index].FirstAuthStyle != Auth_Style_Dot1x 
			&& AuthTem[index].SecondAuthStyle != Auth_Style_Dot1x)
		{
			/*---Del auth user node---*/
			u_char MacKey[USER_KEY_LENGTH+1];
			Dot1xAuthUserNode_t *temppUserNode;

			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "WAIT_USER_ID", "not config dot1x auth!");
			bzero(MacKey, USER_KEY_LENGTH+1);
			memcpy(MacKey, pUserNode->UserKey, USER_KEY_LENGTH);
			dot1xDelUserNode((void *)MacKey, &temppUserNode);
			if (temppUserNode != NULL)
			{
				rc = bufPoolFree(gDot1xAuthUserNodeBufPool, (void *)temppUserNode);
				if (rc == ERROR)
					Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_EMERG, "WAIT_USER_ID", "BufPoolFree fail!!");
			}
			return ERROR;
		}

		/*---get dot1x templete index---*/
		index = AuthTem[index].AuthDot1xTempleteIndex; 
		if (index == 0)
		{
			u_char MacKey[USER_KEY_LENGTH+1];
			Dot1xAuthUserNode_t *temppUserNode;

			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ALERT, "WAIT_USER_ID", "no dot1x-auth tem!!");
			bzero(MacKey, USER_KEY_LENGTH+1);
			memcpy(MacKey, pUserNode->UserKey, USER_KEY_LENGTH);
			dot1xDelUserNode((void *)MacKey, &temppUserNode);
			if (temppUserNode != NULL)
			{
				rc = bufPoolFree(gDot1xAuthUserNodeBufPool, (void *)temppUserNode);
				if (rc == ERROR)
					Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_EMERG, "WAIT_USER_ID", "BufPoolFree fail!!");
			}
			return ERROR;
		}
		pUserNode->user_config.Dot1xTemIndex = index;
		
		/*---decide Indentify---*/
		if (dot1xIdentify == 255)
			dot1xIdentify = 1;	/* void id=0 */
		else
			dot1xIdentify++;		
		pUserNode->dot1xPacketHeadId = dot1xIdentify;
	
	}

	pUserNode->user_state = WAIT_USER_ID;
	
	/*---Send request ID package---*/
	TotalDot1xStat.dot1xAuthEapolReqIdFramesTx++;
	TotalDot1xStat.dot1xAuthEapolFramesTx++;
	Dot1xStat[pUserNode->userInfo.UserVid].dot1xAuthEapolReqIdFramesTx++;
	Dot1xStat[pUserNode->userInfo.UserVid].dot1xAuthEapolFramesTx++;
	
	dot1xSend(pUserNode->userInfo.UserMac, pUserNode->userInfo.UserVid, 
				pUserNode->userInfo.PortNum-1, dot1xMsg_Req_Id, NULL, 0, pUserNode->dot1xPacketHeadId, MSG_NO_MESSAGE);

	/* set wait_id_timer */
	index = pUserNode->user_config.Dot1xTemIndex;
	sendAddTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, Wait_ID_Timer, Dot1xTem[index].ReTransPriod, TimerRegisterID);

	pUserNode->dot1xIDreSendNum++;
	return OK;	
}

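/*
 * Scan the frozen table for an active row that matches this user.
 *
 * A row matches on any one of: the client MAC, the access port (with the
 * row's VLAN equal to the user's VLAN, or 0 meaning any VLAN), a non-empty
 * domain name, or a non-empty user name.
 *
 * Returns non-zero when a match is found, 0 otherwise.
 */
static int dot1xUserIsFrozen(const Dot1xAuthUserNode_t *pUserNode)
{
	int row;

	/* NOTE(review): the table capacity is hard-coded as 100 here (the black
	 * list uses the same bound) -- confirm against the declaration of FrozTbl. */
	for (row = 0; row < 100; row++)
	{
		if (FrozTbl[row].RowStatus != ROW_STATUS_ACTIVE)
			continue;

		if (memcmp(FrozTbl[row].userMac, pUserNode->userInfo.UserMac, MAC_ADDR_LENGTH) == 0)
			return 1;

		if (FrozTbl[row].userPort == pUserNode->userInfo.PortNum
			&& (FrozTbl[row].userVlan == pUserNode->userInfo.UserVid || FrozTbl[row].userVlan == 0))
			return 1;

		if (strlen(FrozTbl[row].userDomain) != 0
			&& strcmp(FrozTbl[row].userDomain, pUserNode->userInfo.DomainName) == 0)
			return 1;

		if (strlen(FrozTbl[row].userName) != 0
			&& strcmp(FrozTbl[row].userName, pUserNode->userInfo.UserName) == 0)
			return 1;
	}
	return 0;
}

/*
 * WAIT_USER_PASSWORD state entry: stop the request-identity retransmit timer,
 * refuse users listed in the frozen table, send the password request that
 * matches the dot1x template's auth style and arm the wait-password timer.
 *
 * pUserNode: the authenticating user; its state, counters and timers are
 *            updated in place.
 *
 * Returns OK once the request has been issued (or skipped for an unsupported
 * auth style), ERROR when the user is frozen -- the node is then moved to
 * AUTH_FAILURE before returning.
 */
STATUS dot1xDoWaitPW(Dot1xAuthUserNode_t *pUserNode)
{
	int temIndex;

	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, STATE_MACHINE, "into dot1xDoWaitPW");

	/* del wait id timer: the identity exchange is over */
	if (pUserNode->user_timer[Wait_ID_Timer] != NULL)
	{
		sendDelTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH,
			pUserNode->user_timer[Wait_ID_Timer], Wait_ID_Timer, TimerRegisterID);
		pUserNode->user_timer[Wait_ID_Timer] = NULL;
	}

	pUserNode->user_state = WAIT_USER_PASSWORD;

	/* The frozen table is consulted only on the first password request of a
	 * not-yet-authorized user; retransmissions skip the scan. */
	if (pUserNode->Authorized == 0 && pUserNode->dot1xPWreSendNum == 0
		&& dot1xUserIsFrozen(pUserNode))
	{
		Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ALERT, "WAIT_USER_PASSWORD", "user has been frozen!!");
		pUserNode->OffLineReason = MSG_FROZEN_BY_MANAGE;
		sendTrapToAgent(pUserNode);
		ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
		return ERROR;
	}

	/* send request password; the EAPOL TX counters are bumped only in the
	 * branches that actually transmit a frame */
	temIndex = pUserNode->user_config.Dot1xTemIndex;
	switch (Dot1xTem[temIndex].AuthStyle)
	{
		case DOT1X_AUTH_PROTOCOL_PAP:
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "WAIT_USER_PASSWORD", "PAP protocol auth!");
			TotalDot1xStat.dot1xAuthEapolFramesTx++;
			Dot1xStat[pUserNode->userInfo.UserVid].dot1xAuthEapolFramesTx++;
			dot1xSend(pUserNode->userInfo.UserMac, pUserNode->userInfo.UserVid,
				pUserNode->userInfo.PortNum-1, dot1xMsg_Req_PAP, NULL, 0,
				pUserNode->dot1xPacketHeadId, MSG_NO_MESSAGE);
			break;

		case DOT1X_AUTH_PROTOCOL_LCBAP:
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "WAIT_USER_PASSWORD", "LCBAP protocol auth!");
			/* a fresh challenge per request; 16 bytes of it go on the wire
			 * (LCChallenge is assumed to hold at least 16 bytes -- confirm) */
			CreateRandomAuthenticator(pUserNode->LCChallenge);
			TotalDot1xStat.dot1xAuthEapolFramesTx++;
			Dot1xStat[pUserNode->userInfo.UserVid].dot1xAuthEapolFramesTx++;
			dot1xSend(pUserNode->userInfo.UserMac, pUserNode->userInfo.UserVid,
				pUserNode->userInfo.PortNum-1, dot1xMsg_Req_LCBAP, pUserNode->LCChallenge, 16,
				pUserNode->dot1xPacketHeadId, MSG_NO_MESSAGE);
			break;

		default:
			/* No frame is sent for an unknown style; the retransmit timer
			 * below is still armed, so the misconfiguration is at least logged. */
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "WAIT_USER_PASSWORD", "nonsupport auth protocol!");
			break;
	}

	/* set wait_pw_timer */
	sendAddTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, Wait_Pass_Timer, Dot1xTem[temIndex].ReTransPriod, TimerRegisterID);

	pUserNode->dot1xPWreSendNum ++;
	return OK;
}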

/*
 * WAIT_AUTH_RESPONSE state entry: stop the wait-password timer, hand the
 * collected credentials to the RADIUS client and arm the wait-auth timer.
 *
 * pUserNode: the authenticating user; state and timers are updated in place.
 *
 * Returns OK when the access request was handed off, ERROR when the RADIUS
 * client refused it -- the node is then moved to AUTH_FAILURE with
 * OffLineReason/TerminateCause set before returning.
 *
 * NOTE(review): the request is always sent as AUTH_PROTOCOL_PAP, whatever
 * AuthStyle the dot1x template selected for the client leg -- confirm intended.
 */
STATUS dot1xDoWaitAuth(Dot1xAuthUserNode_t *pUserNode)
{
	STATUS sent;

	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, STATE_MACHINE, "into dot1xDoWaitAuth");

	/* Del wait_pw_timer: the password response has arrived */
	if (pUserNode->user_timer[Wait_Pass_Timer] != NULL)
	{
		sendDelTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH,
			pUserNode->user_timer[Wait_Pass_Timer], Wait_Pass_Timer, TimerRegisterID);
		pUserNode->user_timer[Wait_Pass_Timer] = NULL;
	}
	pUserNode->user_state = WAIT_AUTH_RESPONSE;

	/* send radius access request */
	sent = radius_auth_request_message(pUserNode->userInfo.UserName, pUserNode->userInfo.UserPWD,
		pUserNode->userInfo.UserIp, pUserNode->userInfo.UserMac, pUserNode->userInfo.PortNum-1,
		pUserNode->userInfo.UserVid, RadiusRegisterID, AUTH_PROTOCOL_PAP);

	if (sent != ERROR)
	{
		gSendRadiusAuthRequest++;

		/* send wait auth timer: bounds how long we wait for the server */
		sendAddTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, Wait_Auth_Timer,
			DOT1X_RADIUS_TIMEOUT, TimerRegisterID);
		return OK;
	}

	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_CRIT, "WAIT_AUTH_RESPONSE", "send radius-access-request failure!!");
	pUserNode->OffLineReason = MSG_SERVER_TIMEOUT;
	pUserNode->TerminateCause = NAS_ERROR;
	ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
	return ERROR;
}

/*
 * AUTH_SUCCESSFUL state entry: stop the timer that was still pending for this
 * user, register the user with DHCP, clear a rejected-password record in the
 * abnormal table, tell the client it succeeded (with the proxy/re-auth
 * policy flags) and move on to ON_LINE_CONFIRM.
 *
 * pUserNode: the authenticated user; state, counters and timers are updated
 *            in place.
 *
 * Returns OK, or ERROR when the DHCP add-user message could not be sent --
 * the node is then moved to USER_ABORT before returning.
 */
STATUS dot1xDoAuthSucc(Dot1xAuthUserNode_t *pUserNode)
{
	u_long pendingTimer;
	STATUS dhcpRc;
	int slot;
	int manIdx, dot1xIdx;
	int antiProxy, reAuth;

	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, STATE_MACHINE, "into dot1xDoAuthSucc");
	TotalSuccess ++;

	/* del timer: a locally authenticated user was waiting on the password,
	 * anyone else on the RADIUS reply */
	pendingTimer = (pUserNode->AuthLocation == LocalAuthenticate) ? Wait_Pass_Timer : Wait_Auth_Timer;

	if (pUserNode->user_timer[pendingTimer] != NULL)
	{
		sendDelTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, pUserNode->user_timer[pendingTimer],
			pendingTimer, TimerRegisterID);
		pUserNode->user_timer[pendingTimer] = NULL;
	}

	pUserNode->user_state = AUTH_SUCCESSFUL;

	TotalDot1xStat.dot1xAuthEapolFramesTx++;
	Dot1xStat[pUserNode->userInfo.UserVid].dot1xAuthEapolFramesTx++;

	/* send dhcp add_user; the domain is passed only when one is set */
	dhcpRc = dhcp_addUser_message(pUserNode->userInfo.UserMac,
		pUserNode->userInfo.UserVid, pUserNode->userInfo.PortNum-1,
		strlen(pUserNode->userInfo.DomainName) > 0 ? pUserNode->userInfo.DomainName : NULL,
		0, DHCPRegisterID);

	if (dhcpRc == ERROR)
	{
		Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_CRIT, "AUTH_SUCCESSFUL", "send dhcp-add-user failure!");
		pUserNode->OffLineReason = MSG_DHCP_ERROR;
		ToNewState(USER_ABORT, 1, pUserNode, NULL);
		return ERROR;
	}
	gSendDHCPAddMsgNum++;

	/* add dhcp timer */
	sendAddTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, Wait_DHCP_Timer,
		DOT1X_DHCP_TIMEOUT, TimerRegisterID);

	pUserNode->Authorized = 1;

	/* clear Abnormal table: a rejected-password count for this MAC restarts
	 * once the user gets through.  The table is keyed by the last MAC octet;
	 * NOTE(review): in-bounds only if UserMac is unsigned -- confirm. */
	slot = pUserNode->userInfo.UserMac[5];
	if (AbnormTbl[slot].userReason == FAIL_BY_REJECT
		&& memcmp(AbnormTbl[slot].userMAC, pUserNode->userInfo.UserMac, MAC_ADDR_LENGTH) == 0)
	{
		AbnormTbl[slot].times = 0;
	}

	/* The success frame carries the anti-proxy and re-auth policy of the
	 * user's templates; pick the message code, then send once. */
	manIdx = pUserNode->user_config.UserManTemIndex;
	dot1xIdx = pUserNode->user_config.Dot1xTemIndex;
	antiProxy = (UsrManTem[manIdx].AntiProxy == TRUE);
	reAuth = (Dot1xTem[dot1xIdx].ReAuthEn == TRUE);

	dot1xSend(pUserNode->userInfo.UserMac, pUserNode->userInfo.UserVid,
		pUserNode->userInfo.PortNum-1, dot1xMsg_Success, NULL, 0,
		pUserNode->dot1xPacketHeadId,
		antiProxy ? (reAuth ? MSG_OPEN_PROXY_WITH_REAUTH : MSG_OPEN_PROXY_CHECK)
		          : (reAuth ? MSG_CLOSE_PROXY_WITH_REAUTH : MSG_CLOSE_PROXY_CHECK));

	ToNewState(ON_LINE_CONFIRM, 1, pUserNode, NULL);
	return OK;
}

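/*
 * Count an authentication-failure event against the client and, when the
 * black-list policy attached to the user's management template says so,
 * record the client in the black list.
 *
 * pUserNode: the failed user; MAC, VLAN, port, domain and name are copied
 *            from it into the tables.
 * reason:    the failure event being counted, e.g. FAIL_BY_REJECT.
 *
 * Does nothing when the management template has black-list recording off or
 * no policy attached.
 */
static void dot1xRecordAuthFail(Dot1xAuthUserNode_t *pUserNode, u_long reason)
{
	int manIndex = pUserNode->user_config.UserManTemIndex;
	int polIndex;
	int slot;

	if (UsrManTem[manIndex].RecBlackList != TRUE || UsrManTem[manIndex].BlackListPolicyIndex == 0)
		return;

	/* The abnormal table is keyed by the last MAC octet only, so two MACs
	 * sharing that octet evict each other's record and restart the count.
	 * NOTE(review): in-bounds only if UserMac is unsigned -- confirm. */
	slot = pUserNode->userInfo.UserMac[5];

	/*--Add to Abnormal Table---*/
	if (memcmp(AbnormTbl[slot].userMAC, pUserNode->userInfo.UserMac, MAC_ADDR_LENGTH) == 0)
	{
		/* same client: a different reason restarts the count, the same one extends it */
		if (AbnormTbl[slot].userReason != reason)
		{
			AbnormTbl[slot].userReason = reason;
			AbnormTbl[slot].times = 1;
		}
		else
		{
			AbnormTbl[slot].times ++;
		}
	}
	else
	{
		memcpy(AbnormTbl[slot].userMAC, pUserNode->userInfo.UserMac, MAC_ADDR_LENGTH);
		AbnormTbl[slot].userReason = reason;
		AbnormTbl[slot].times = 1;
	}

	/*---Record to BlackList---*/
	polIndex = UsrManTem[manIndex].BlackListPolicyIndex;
	/* NOTE(review): 100 is the assumed black-list capacity -- confirm against BlkTbl */
	if (BlkNum >= 100 || BlkPolcy[polIndex].Times == 0)
		return;
	if (BlkPolcy[polIndex].Event != reason || BlkPolcy[polIndex].Status != ROW_STATUS_ACTIVE)
		return;
	if (AbnormTbl[slot].times < BlkPolcy[polIndex].Times)
		return;

	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xDoAuthFail", "Add a row in black table!");
	memcpy(BlkTbl[BlkNum].userMAC, AbnormTbl[slot].userMAC, MAC_ADDR_LENGTH);
	/* fixed 8-byte domain copy, no terminator written -- confirm both fields hold 8 bytes */
	memcpy(BlkTbl[BlkNum].userDomain, pUserNode->userInfo.DomainName, 8);
	/* NOTE(review): unbounded copy of the user-supplied name; bound it once the
	 * size of BlkTbl[].userName relative to userInfo.UserName is confirmed */
	strcpy(BlkTbl[BlkNum].userName, pUserNode->userInfo.UserName);
	BlkTbl[BlkNum].userReason = reason;
	BlkTbl[BlkNum].userVlan = pUserNode->userInfo.UserVid;
	BlkTbl[BlkNum].userPort = pUserNode->userInfo.PortNum;
	BlkNum ++;
	/* the count is consumed by the black-list entry */
	AbnormTbl[slot].times = 0;
}

/*
 * AUTH_FAILURE state entry: drop every pending timer, mark the user as
 * failed, update the abnormal-table / black-list records, tell the client it
 * failed (carrying the offline reason) and arm the hold-down timer.
 *
 * pUserNode: the user whose authentication failed; OffLineReason must
 *            already have been set by the caller.
 *
 * Returns OK.
 */
STATUS dot1xDoAuthFail(Dot1xAuthUserNode_t *pUserNode)
{
	int temIndex;

	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, STATE_MACHINE, "into dot1xDoAuthFail");

	/* del all timer */
	dot1xDelAllTimer(pUserNode);

	pUserNode->user_state = AUTH_FAILURE;
	pUserNode->Authorized = 2;	/* 1 marks success (dot1xDoAuthSucc); 2 marks failure */

	/*---If Add to Black List or not---*/
	/* Only a rejected password maps to a countable black-list event; for any
	 * other offline reason there is no event value, so nothing is recorded
	 * instead of counting an indeterminate reason. */
	if (pUserNode->OffLineReason == MSG_PASSWORD_ERROR)
		dot1xRecordAuthFail(pUserNode, FAIL_BY_REJECT);

	/* no RADIUS user-abnormal notification is sent from here (disabled upstream) */

	/* send failure to client */
	dot1xSend(pUserNode->userInfo.UserMac, pUserNode->userInfo.UserVid,
		pUserNode->userInfo.PortNum-1, dot1xMsg_Failure, NULL, 0,
		pUserNode->dot1xPacketHeadId, pUserNode->OffLineReason);

	/* set de-attack timer: hold the client off for the template's hold period */
	temIndex = pUserNode->user_config.Dot1xTemIndex;
	sendAddTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, De_Attack_Timer,
			Dot1xTem[temIndex].HoldPriod, TimerRegisterID);
	return OK;
}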



STATUS dot1xDoUserOnline(Dot1xAuthUserNode_t *pUserNode)
{
	int i;
	Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, STATE_MACHINE, "into dot1xDoUserOnline");

	pUserNode->user_state = USER_ON_LINE;
	i = pUserNode->user_config.Dot1xTemIndex;

	/*---Send request ID package---*/
	TotalDot1xStat.dot1xAuthEapolReqIdFramesTx++;
	Tot
